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We Claim: 

1 . An on-line purchase and load (OPAL) server for performing a transaction over a 
network using a virtual smart card, said OPAL server comprising: 

a virtual smart card database having a plurality of records, each record including a 
virtual card identifier and a balance corresponding to a single virtual smart card; 

a hardware security module; 

a smart card emulator that receives smart card commands and processes said 
commands in conjunction with said virtual smart card database and said hardware 
security module; and 

a pseudo card reader module that receives said smart card commands and relays 
said commands to said smart card emulator, whereby said OPAL server performs a 
transaction over said network using one of said records in said virtual smart card 
database. 

2. An OPAL server as recited in claim 1 wherein said virtual card database further 
includes purchase algorithm identifiers, and wherein said hardware security module 
includes a plurality of purchase algorithms that are identified for use by one of said 
purchase algorithm identifiers, whereby said hardware security module may be used to 
perform cryptographic functions associated with a purchase. 

3. An OPAL server as recited in claim 1 further comprising: 

a user verification module that verifies a user accessing said OPAL server and 
generates a user identifier, said user identifier being suitable to identify one of said virtual 
smart card records in said card database. 
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4. An OPAL server as recited in claim 1 wherein said smart card emulator and said 
pseudo card reader module are implemented as a single software module. 




5. An OPAL server as recited in claim 1 wherein said network is an internet over 
which said OPAL server communicates with a merchant server and a payment server to 
transact a purchase. 



6. An OPAL server as recited in claim 1 wherein said network is an internet over 
which said OPAL server communicates with a bank server and a load server to load value 
onto said virtual smart card. 



7. An OPAL server as recited in claim 1 wherein said network is an internet over 
which said OPAL server communicates with a web server and an authentication server to 
authenticate a user. 



8. An OPAL server as recited in claim 1 wherein said OPAL server communicates 
over said network with a payment gateway for funding account authorization and 
clearing. 



A network payment system for transacting a sale of merchandise over a network 
using a virtuaTsmaj^card, said networl^payment system comprising: 



a router for routing comnmiiisatigri between entities attached to said network; 



a merchant server in commi 



ication with smfriietwork, said merchant server 



having at least a first item of merchandise for sale; 
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a client terminal in communication with said network, said client terminal 
including an output device for reviewing said first item for sale and an input device for 
initiating a pVrchase transaction to purchase said first item for sale; 

an on-line purchase server having a record in a database representing a virtual 
smart card; and \ 

a payment server in communication with said network, said payment server 
including an interface tbr communicating with a security card and being arranged to 
receive a purchase message from said on-line purchase server and to transmit a 
confirmation message to sard merchant server over said network, whereby said merchant 
server is authorized to release^said item of merchandise to a user associated with said 
virtual smart card. \ 

10. A network payment system as recited in^claim 9 wherein said network is an 
internet and said merchant server includes^ merchant web site for advertising said first 
item for sale over said internet. K J 

11. A network payment system as recited in claim 9 wherein said on-line purchase 
server further includes \ 

a hardware security module; \ 

a smart card emulator that receives smart card commaWls and processes said 
commands in conjunction with said virtual smart card record of\aid database and said 
hardware security module, whereby said on-line purchase server implements a secure 
purchase over said network. \ 

12. A computer-implemented method of transacting a sale of an item over\a network 
using an on-line purchase server having a record in a database representing a vimial 
smart card, said method comprising: ^ 
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rB&eiving a cost of said item to be purchased by a user, said cost originating from 
a merchant sender over said network; 

formulating a draw request message using information in said virtual smart card 

record; 

sending said dra^urequest message to a payment server connected to said network 
so that said draw request m^y be processed by a security card associated with said 
payment server; 

receiving a debit commaAi from said payment server; 

debiting a balance amount inlaid virtual smart card record by said cost; and 

sending a debit response messagk to said payment server, whereby said merchant 
server may be informed that said sale of said item is a success and said merchant server 
may release said item to a user associated with said) virtual smart card record. 



13. A method as recited in claim 12 wherein saipmetwork is an internet and said 
merchant server includes a merchant web sitejor advertising said item over said internet. 



14. A method as recited in claim 12 wherein said on-line purchase server includes a 
smart card emulator and said method further comprises: 

sending smart card commands to said smart card emulator that processes said 
commands in conjunction with said virtual smart card record of said database to assist in 
formulating said draw request message. 



15. A method as recited in claim 14 wherein said on-line purchase server includes a 
hardware security module and said method further comprises: 
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lerating cryptographic signatures for use in transacting said sale using said 
hardware sete<jirity module, whereby said on-line purchase server implements a secure 
transaction oveX said network. 



16. A network loaoing system for loading value over a network onto a virtual smart 
card, said network loading system comprising: 

a router for routing communication between entities attached to said network; 

a bank server in commurdcation with said network, said bank server arranged to 
debit a user account by an indicated value; 

a client terminal in communication with said network, said client terminal 
including an input device for indicatingVa value to debited from said user account; 



an on-line load server having a recoi 
card; and 



4rJ a database representing a virtual smart 



said network, said issuer load server 
dware security module and being 
a virtual smart card signature and being 



an issuer load server in communicati on 
including an interface for communicating wi 
arranged to receive a load request including 1 
further arranged to transmit a confirmation message to haid bank server over said 
network, thereby confirming that said virtual smart card lr^s been loaded by said 
indicated value. 



17. A network loading system as recited in claim 16 wherein said network is an 
internet and said bank server includes a bank web site for accepting a. load request. 



18. A network loading system as recited in claim 16 wherein said on-lin^ load server 
further includes 

a hardware security module; 
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a^smart card emulator that receives smart card commands and processes said 
commands in conjunction with said virtual smart card record of said database and said 
hardware security module, whereby said on-line load server implements a secure load 
over said network. 



19. A network loading system as recited in claim 16 wherein said on-line load server 
and said issuer load server are the same computer. 



20. A computer-implemented method of loading a virtual smart card over a network, 
said virtual smart card being represented as a record in a database of an on-line load 
server, said method comprising: 

receiving from a bank server aVequest to load value onto said virtual smart card; 

formulating a load request message usirig information in said virtual smart card 

record; 

sending said load request message 1c > an\ssuepload server connected to said 
network; 

receiving a load command from said issuer loVd server; 
loading said virtual smart card by said load value! and 




sending confirmation information to said bank servei^ whereby said bank server is 
assured that said loading is a success. 



21. A method as recited in claim 20 wherein said network is an internet and said bank 
server includes a bank web site for accepting a load request. 
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2%. A method as recited in claim 20 wherein said on-line load server includes a smart 
cardWnulator and said method further comprises: 

seeding smart card commands to said smart card emulator that processes said 
commands m conjunction with said virtual smart card record of said database to assist in 
formulating said load request message. 

23. A method as recited in claim 22 wherein said on-line load server includes a 
hardware security module and said method further comprises: 

generating cryptographic signatures for use in transacting said load using said 
hardware security module, wnereby said on-line load server implements a secure load 
over said network. \ 

24. A method as recited in claim 20\wherein saM on-line load server and said issuer 
load server are the same computer. \ If / 

25. A network authentication system figff-^henticating a user over a network using a 
virtual smart card, said network payment system comprising: 

a router for routing communication between entities attached to said network; 

a web server in communication with said network, skid web server allowing a 
user to redeem loyalty points in exchange for benefits; \ 

a client terminal in communication with said network, said, client terminal 
including an output device for reviewing said benefits and an input qevice for initiating a 
redemption of said loyalty points; \ 

an on-line loyalty server having a record in a database representing^ virtual smart 
card; and \ 
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an authentication server in communication with said network, said authentication 
server including an interface for communicating with a security card and being arranged 
to receive a debit message from said on-line loyalty server and to transmit a confirmation 
message to said inerchant server over said network, whereby said merchant server is 
authorized to release said benefits to a user associated with said virtual smart card. 

26. A network authentication system as recited in claim 25 wherein said network is an 
internet and said web serverVicludes a web site for displaying said benefits over said 
internet. \ 

27. A network authentication system as recited in claim 25 wherein said on-line 
loyalty server further includes \ ff J 

a hardware security module; 

a smart card emulator that receives smartje^rd commands and processes said 
commands in conjunction with said virUia^rmur^ard record of said database and said 
hardware security module, whereby said on-line loValty server implements a secure 
authentication over said network. \ 

28. A network authentication system as recited in claim %5 wherein said on-line 
loyalty server and said authentication server are the same comVuter. 

29. A network authentication system as recited in claim 25 wherein said virtual smart 
card record in said database stores said loyalty points belonging to saiosuser, and wherein 
said on-line loyalty server is further arranged to debit said loyalty points \ 
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3\ A computer-implemented method of redeeming loyalty points over a network 
usinkan on-line loyalty server having a record in a database representing a virtual smart 
card, sai^l method comprising: 

receiving an amount of loyalty points to be redeemed by a user for benefits, said 
amount originating from a web server over said network; 

formulatingsa draw request message using information in said virtual smart card 

record; 

sending said dra^srequest message to an authentication server connected to said 
network so that said draw request may be processed by a security card associated with 
said authentication server; 

receiving a debit command from said authentication server; 

debiting a balance of said loyhjty points in said virtual smart card record by said 
amount; and 



sending a debit response message tovsjaid authentication server, whereby said web 



server may be informed that said redemptio 
web server may release said benefits to a usbr ai 
record. 




Royalty points is a success and said 
with said virtual smart card 



31. A method as recited in claim 30 wherein said netwbrk is an internet and said web 
server includes a web site for displaying said benefits over said internet. 



32. A method as recited in claim 30 wherein said on-line loyalty\erver includes a 
smart card emulator and said method further comprises: 

sending smart card commands to said smart card emulator that processes said 
commands in conjunction with said virtual smart card record of said database\to assist in 
formulating said draw request message. 
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33. 



Ithod as recited in claim 32 wherein said on-line loyalty server includes a 



hardware security moc 



id said method 



generating cryptographic signatures" 
said hardware security module, whereby sa dj 
transaction over said network. 



^r comprises: 

Is^m transacting said redemption using 
line loyalty server implements a secure 



\ 
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